At 11:13 a.m. 01/10/2008, Duncan Patton a Campbell wrote:
"
Sockstress computes and stores so-called client-side SYN cookies and
enables Lee and Louis to specify a destination port and IP address.
The method allows them to complete the TCP handshake without having
to store any values, which takes time and resources. "We can then
say that we want to establish X number of TCP connections on that
address and that we want to use this attack type, and it does it," Lee said.
"
This is simply the naphta attack. They don't really need to "use syn
cookies". They could simply ACK any SYN/ACK they receive, and that's it.
The attack is not new, and they are not proposing any counter-measures.
It doesn't mean does this does not need attention... but they are not
making any new contribution to the issue.
Kind regards,
--
Fernando Gont
e-mail: [EMAIL PROTECTED] || [EMAIL PROTECTED]
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
